Horse: That's why I told him to slap a hub in the system with the sniffer box and the offending box connected to it. Failing that, there is always a bottleneck at some point on the way out to the internet. Stick the hub there so you can see all inbound and outbound traffic (especially since he isn't firewalled...... Hell, what Unhappy will see there will justify the purchase of something to block the outside world......). Then he can sniff the moron till the cows come home.

Yeah, I'm a PureSecure fan but I use it only for the "real-time" view. I use plain snort -> syslog for the detailed/archive logs. I like the interface on PureSecure in so far as it allows me quick access to recent events and some summary data etc. too. I also use the HIDS on all my public and AD boxes and I really like the system monitoring. All my public services are checked every 5 minutes as are all my routers throughout the entire WAN. It's kinda nice knowing that I know of a failure in less than 5 minutes and being able to tell callers, "Yep, I know... Working on it"...... makes them think you are an all-seeing Demi-God.......

Don't SYN us.... We'll SYN you..... "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides